Privacy policy
Disclosure in accordance with EU Regulation 679/2016
- 1. Background
- 2. Data controller
- 3. Tipes of data processed
- 4. Purpose and legal basis of the processing
- 5. Mandatory or optional nature of providing data and consequences of refusal to respond
- 6. Mode of processing and time of storage of personal data
- 7. Communication of data to third parties
- 8. Duration of processing and storage of personal data
- 9. Rights of the data subject
1. Background
Pursuant to Articles 13 et seq. of EU Regulation 679/2016 (“GDPR”), the following information is provided regarding the processing of personal data of users (“User/Users”) in the context of the consultation and/or use of the services of the website www.promemoriagroup.com (“Site”).
The information is provided only for the Site and not also for other websites that may be consulted by the User through links on the Site.
2. Data controller
The Data Controller is Promemoria Srl with registered office in Turin, Via Pomba 1.
Email info@promemoriagroup.com
Phone 011 19694875
3. Tipes of data processed
3.1 Browsing data
The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This is information that is not collected to be associated with identified subjects, but which by its very nature could allow users to be identified.
This category of data includes (i) the IP addresses or domain names of the computers used by users connecting to the Site, (ii) the URI (Uniform Resource Identifier) notation addresses of the resources requested, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (successful, error) and (vii) other parameters relating to the user’s operating system and computer environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its proper functioning and are deleted immediately after processing.
3.2 Cookie
For the processing of data via cookies, please see the relevant policy, available at the following link.3.3 Data provided voluntarily by the User:
a) The optional, explicit and voluntary sending of electronic mail to the email addresses indicated on the Site entails the acquisition and processing by the Data Controller of such data and any other information contained in such communications for the purposes indicated in the following paragraph.
4. Purpose and legal basis of the processing
The processing of the User’s personal data by the Controller is for the purpose of:
- 1. Pursue, in accordance with Article 6.1(f) of the GDPR, a legitimate interest of its own, consisting in ensuring the security of the Site and the information exchanged on it, i.e., the ability of that Site to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted and the security of the related services offered or made accessible;
- 2. Allow the User to communicate with the email addresses listed on the Site.
5. Mandatory or optional nature of providing data and consequences of refusal to respond
The nature of the provision of data by the User is mandatory for the data controller to be able to provide the requested services. In case of refusal it will be impossible to use the chosen service.
6. Mode of processing and time of storage of personal data
Personal data are processed using manual, computer and automated systems. In order for the data to be processed correctly, it is necessary for the person concerned to communicate any changes in them in a timely manner.
7. Communication of data to third parties
Personal data will be processed by the Data Controller, by the Data Processors appointed by him/her and by strictly authorized data processors.
The data may, in addition, be communicated as a result of inspections or audits, if requested to the Company, to all inspection bodies in charge of audits and controls inherent to the regularity of legal compliance.
The Data Controller guarantees the utmost care so that the communication of personal data to the aforementioned recipients relates only to the data necessary to achieve the specific purposes for which they are intended.
8. Duration of processing and storage of personal data
The User’s personal data will be processed by the Controller only for the period of time necessary to achieve the purposes of the processing after which it will be kept only in execution of the relevant legal obligations, for administrative purposes and/or to assert or defend one’s right, in case of litigation and pre-litigation.
9. Rights of the data subject
As a data subject, the User may exercise, at any time, vis-à-vis the Controller the rights set forth in Art. 7 Privacy Code and Art. 15 GDPR listed below and may revoke at any time the consents expressed with this notice.
The User has the right to:
- obtain confirmation of the existence or non-existence of personal data concerning him/her, even if not yet registered, and their communication in intelligible form;
- Obtain indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and designated representative under Art. 5, paragraph 2 Privacy Code and Art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, managers or agents;
- obtain: a) the updating, rectification or, when interested, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;
- oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning him/her, even if pertinent to the purpose of collection; b) the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and/or through traditional marketing methods by telephone and/or paper mail. It should be noted that the data subject’s right to object, set forth in point b) above, for direct marketing purposes through automated modalities extends to traditional ones and that, in any case, the possibility for the data subject to exercise the right to object even partially remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication.
Where applicable, it also has the rights under Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object), as well as the right to complain to the Data Protection Authority.